Operation GoldenAxe2: ActiveX attacks targeting reunification, diplomacy and security stakeholders
SUMMARY
Even after the inter-Korean summit, a North Korean hacking group was recently confirmed to be distributing malware to experts in unification, diplomacy and security by exploiting an ActiveX vulnerability in a groupware solution.
The North Korean malware was circulated through a watering hole attack on the website of the "Sejong Research Institute", a private think tank that studies unification, diplomacy and security.
The malware connects to the C&C server, sends information about the PC, and downloads and executes additional malware. It is the latest variant from the "GoldenAxe organization", a group known for attacks carried out by North Korea.
The "GoldenAxe organization" is a malicious group that attacked Korean companies and organizations through certain websites for about 12 years, from 2007 to May 2018, by exploiting ActiveX vulnerabilities in Korean software.
North Korea targeted the weak points of major ActiveX modules that are installed not only in the South Korean public …
IoC
http://www.nkeconomy.com/news/articleView.html?idxno=135
http://www.sejong.org
http://www.sejong.org/_lib/conf/config.php
http://www.sejong.org/js/menu.js
http://www.sejong.org/pub/inc/config.php
https://www.srider.net/www/custom.asp?id=sj